Add some wirteups and modify colors

.gitignore

@@ -28,4 +28,5 @@ assets/js/dist
 
 # Script
 cleanup
+startup
 *Zone.Identifier

_layouts/projects.html

@@ -0,0 +1,21 @@
+---
+layout: default
+refactor: true
+---
+
+{% include lang.html %}
+
+<article class="px-1">
+  {% if page.layout == 'page' or page.collection == 'tabs' %}
+    {% assign tab_key = page.title | downcase %}
+    {% assign title = site.data.locales[lang].tabs[tab_key] | default: page.title %}
+    <h1 class="dynamic-title">
+      {{ title }}
+    </h1>
+    <div class="content">
+      {{ content }}
+    </div>
+  {% else %}
+    {{ content }}
+  {% endif %}
+</article>

_posts/2024-03-24-unbreakable-individual-2024 copy.md → _posts/2024-03-24-unbreakable-individual-2024.md

@@ -2,7 +2,7 @@
 title: Unbreakable Individual 2024
 date: 2024-03-24 12:00:00 -500
 categories: [CTF Writeups, Unbreakable]
-tags: [reverse,mobile,web,forsenics,steganography,osint,crypto]
+tags: [reverse,mobile,web,forsenics,stegano,osint,crypto]
 image: /assets/img/logos/logo-unbreakable.png
 ---
 

_posts/2024-09-10-cyberedu-bork-sauls.md

@@ -0,0 +1,89 @@
+---
+title: Bork Sauls - CyberEDU
+date: 2024-09-10 07:00:00 -500
+categories: [CTF Writeups, CyberEdu, Reverse]
+tags: [reverse,integer-overflow]
+image: /assets/img/logos/cyberedu.png
+
+---
+# Bork Sauls - CyberEDU
+
+**Flag : <span style="color:rgb(60, 179, 113)">ctf{d8194ce78a6c555adae9c14fe56674e97ba1afd88609c99dcb95fc599dcbc9f5}</span>**
+- Difficulty: Easy
+
+Firstly, I decompiled the file to see what is inside.
+
+![image](https://github.com/Inf3n0s/CTF-Writeups/assets/75357316/47bce577-0bdc-4369-93c0-2247be6d0ce3)
+
+```c
+undefined8 main(EVP_PKEY_CTX *param_1)
+{
+  int local_14;
+  int local_10;
+  uint local_c;
+
+  init(param_1);
+  local_c = 100000;
+  local_10 = 0;
+  puts("You enter the room, and you meet the Dancer of the Boreal Valley. You have 3 options.");
+  do {
+    puts("Choose: \n1.Roll\n2.Hit(only 3 times)\n3.Throw Estus flask at the boss (wut?)\n4.Alt-F4\n"
+        );
+    __isoc99_scanf(&DAT_001020b5,&local_14);
+    if (local_14 == 3) {
+      local_c = local_c + 1999999;
+    }
+    else if (local_14 < 4) {
+      if (0 < local_14) {
+        if (local_10 < 3) {
+          local_c = local_c - 30000;
+        }
+        local_10 = local_10 + 1;
+      }
+    }
+    else if (local_14 == 4) {
+                    /* WARNING: Subroutine does not return */
+      exit(0);
+    }
+    printf("Health: %d\n",(ulong)local_c);
+  } while (-1 < (int)local_c);
+  printf("Congratulations. Here\'s your flag: ");
+  system("cat flag.txt");
+  return 0;
+}
+```
+
+I understand what I need to do : 
+```c
+if(-1 > (int)local_c);
+```
+
+I will go on pass to the instruction where `cat flag`
+
+OK, but in normal mode you think it's impossible. Hmm, INT_MAX = **2147483647**, but what happened if you increment the "INT_MAX" => INT_MIN = -INT_MAX = **-2147483647** which is negative => GG
+
+## Solve script:
+```python
+from pwn import *
+
+
+context.log_level = "debug"
+
+r = remote("34.159.73.134", 30149)
+#r = process("./bork_sauls")
+
+INT_MAX = 2147483647 # maximum value of an int (C/C++)
+
+health = 100000
+health_added = 1999999
+
+while health < INT_MAX:
+  health += health_added
+  r.recvuntil(b"4.Alt-F4")
+  r.sendline(b"3")
+
+r.recvuntil(b"Here's your flag: ")
+flag = r.recvline().strip().decode()
+
+print(flag)
+```

_posts/2024-09-10-cyberedu-flag-is-hidden.md

@@ -0,0 +1,27 @@
+---
+title: Flag is hidden - CyberEDU
+date: 2024-09-10 07:00:00 -500
+categories: [CTF Writeups, CyberEdu, Mobile]
+tags: [reverse,mobule,apktool,stegano]
+image: /assets/img/logos/cyberedu.png
+
+---
+# Flag is hidden - CyberEDU
+
+**Flag : <span style="color:rgb(60, 179, 113)">ECSC{a3cfc7f4f812cc4b511f6de4dc150422f49e817c0f61321852a81e6b5f3961ba}</span>**
+- Difficulty: **Easy**
+
+For this challenge I use 2 tools: `JADX-GUI` and `APKtool` 
+
+Firstly I like to look in `JADX-GUI` to check code and resources. 
+
+![image](https://github.com/Inf3n0s/CTF-Writeups/assets/75357316/2099bc80-2a66-4deb-a010-e037f39b8e16)
+
+Good in challenge description, we found a hint `PS: stegano tools can "rock your" score` => stegano + "rockyou.txt"
+
+I use `apktool d flag.apk` and I search the image and I use [`stegcracker`](https://github.com/Paradoxis/StegCracker) to find what is inside 
+`stegcracker ./flag/res/drawable-v24/splash.jpg /usr/share/wordlists/rockyou.txt`
+
+After that `cat ./flag/res/drawable-v24/splash.jpg.out` => `fla................................................GGGGGG{RUNTQ3thM2NmYzdmNGY4MTJjYzRiNTExZjZkZTRkYzE1MDQyMmY0OWU4MTdjMGY2MTMyMTg1MmE4MWU2YjVmMzk2MWJhfQ==}`
+
+![image](https://github.com/Inf3n0s/CTF-Writeups/assets/75357316/2d44a7ea-1987-4a1b-bfdb-0819c6d11e05)

_posts/2024-09-10-cyberedu-old-school.md

@@ -0,0 +1,184 @@
+---
+title: Old School - ROCSC && CyberEDU
+date: 2024-09-10 07:00:00 -500
+categories: [CTF Writeups, CyberEdu, ROCSC, Reverse]
+tags: [reverse,cracking]
+image: /assets/img/logos/cyberedu.png
+
+---
+# Old School - ROCSC && CyberEDU
+
+**Flag : <span style="color:rgb(60, 179, 113)">ROSCSC{LCRO-ECSC-8989-1918}</span>**
+- Difficulty: **Medium**
+
+Firstly, check out the description because, this challenge it's so tricky : `formatul ROSCSC{cod_licenta}.` REMEMBER **`ROSCSC`** it's the first part of the flag, for example I lose 20 minutes to find what is wrong with my flag.
+
+Let's dive in: 
+```python
+└──╼ $strings Uncrackable.exe
+!This program cannot be run in DOS mode.
+Rich
+.text
+`.data
+.rsrc
+MSVBVM60.DLL
+Uncrackable
+Form1
+Uncrackable license checker
+Form1
+Command1
+Verificare
+Text1
+Label1
+License code:
+VB5!
+Uncrackable
+Uncrackable
+Uncrackable
+Form1
+Uncrackable
+Label1
+C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
+```
+
+Now I find the program it's a Visual Basics (VB) App. Now, I search [VB Decompiler](https://www.vb-decompiler.org/download.htm) and that's I found, I test on my self, but if you don't want to run "untrusted" softwares, I will attach the decomplied version in writeup.
+
+```cs
+Data Table: 40288C
+  loc_402BD8: LitStr "LCRO"
+  loc_402BDB: FStStrCopy var_8C
+  loc_402BDE: LitStr "CSCE"
+  loc_402BE1: ImpAdCallI2 StrReverse()
+  loc_402BE6: FStStr var_90
+  loc_402BE9: LitI2 8989
+  loc_402BEC: FStI2 var_92
+  loc_402BEF: LitI2_Byte 1
+  loc_402BF1: CUI1I2
+  loc_402BF3: LitI4 1
+  loc_402BF8: FLdRfVar var_AC
+  loc_402BFB: Ary1StUI1
+  loc_402BFD: LitI2_Byte 9
+  loc_402BFF: CUI1I2
+  loc_402C01: LitI4 2
+  loc_402C06: FLdRfVar var_AC
+  loc_402C09: Ary1StUI1
+  loc_402C0B: LitI2_Byte 1
+  loc_402C0D: CUI1I2
+  loc_402C0F: LitI4 3
+  loc_402C14: FLdRfVar var_AC
+  loc_402C17: Ary1StUI1
+  loc_402C19: LitI2_Byte 8
+  loc_402C1B: CUI1I2
+  loc_402C1D: LitI4 4
+  loc_402C22: FLdRfVar var_AC
+  loc_402C25: Ary1StUI1
+  loc_402C27: LitStr "-"
+  loc_402C2A: FStStrCopy var_B4
+  loc_402C2D: ILdRf var_8C
+  loc_402C30: ILdRf var_B4
+  loc_402C33: ConcatStr
+  loc_402C34: FStStrNoPop var_BC
+  loc_402C37: ILdRf var_90
+  loc_402C3A: ConcatStr
+  loc_402C3B: FStStrNoPop var_C0
+  loc_402C3E: ILdRf var_B4
+  loc_402C41: ConcatStr
+  loc_402C42: FStStrNoPop var_C4
+  loc_402C45: FLdI2 var_92
+  loc_402C48: CStrUI1
+  loc_402C4A: FStStrNoPop var_C8
+  loc_402C4D: ConcatStr
+  loc_402C4E: FStStrNoPop var_CC
+  loc_402C51: ILdRf var_B4
+  loc_402C54: ConcatStr
+  loc_402C55: FStStrNoPop var_D0
+  loc_402C58: LitI4 1
+  loc_402C5D: FLdRfVar var_AC
+  loc_402C60: Ary1LdUI1
+  loc_402C62: CStrI2
+  loc_402C64: FStStrNoPop var_D4
+  loc_402C67: ConcatStr
+  loc_402C68: FStStrNoPop var_D8
+  loc_402C6B: LitI4 2
+  loc_402C70: FLdRfVar var_AC
+  loc_402C73: Ary1LdUI1
+  loc_402C75: CStrI2
+  loc_402C77: FStStrNoPop var_DC
+  loc_402C7A: ConcatStr
+  loc_402C7B: FStStrNoPop var_E0
+  loc_402C7E: LitI4 3
+  loc_402C83: FLdRfVar var_AC
+  loc_402C86: Ary1LdUI1
+  loc_402C88: CStrI2
+  loc_402C8A: FStStrNoPop var_E4
+  loc_402C8D: ConcatStr
+  loc_402C8E: FStStrNoPop var_E8
+  loc_402C91: LitI4 4
+  loc_402C96: FLdRfVar var_AC
+  loc_402C99: Ary1LdUI1
+  loc_402C9B: CStrI2
+  loc_402C9D: FStStrNoPop var_EC
+  loc_402CA0: ConcatStr
+  loc_402CA1: FStStr var_B8
+  loc_402CA4: FFreeStr var_BC = "": var_C0 = "": var_C4 = "": var_C8 = "": var_CC = "": var_D0 = "": var_D4 = "": var_D8 = "": var_DC = "": var_E0 = "": var_E4 = "": var_E8 = ""
+  loc_402CC1: FLdRfVar var_BC
+  loc_402CC4: FLdPrThis
+  loc_402CC5: VCallAd Control_ID_Text1
+  loc_402CC8: FStAdFunc var_F0
+  loc_402CCB: FLdPr var_F0
+  loc_402CCE:  = Me.Text
+  loc_402CD3: FLdZeroAd var_BC
+  loc_402CD6: FStStr var_88
+  loc_402CD9: FFree1Ad var_F0
+  loc_402CDC: ILdRf var_B8
+  loc_402CDF: ILdRf var_88
+  loc_402CE2: EqStr
+  loc_402CE4: BranchF loc_402D13
+  loc_402CE7: LitVar_Missing var_170
+  loc_402CEA: LitVar_Missing var_150
+  loc_402CED: LitVar_Missing var_130
+  loc_402CF0: LitI4 0
+  loc_402CF5: LitVarStr var_100, "Cracked!"
+  loc_402CFA: FStVarCopyObj var_110
+  loc_402CFD: FLdRfVar var_110
+  loc_402D00: ImpAdCallFPR4 MsgBox(, , , , )
+  loc_402D05: FFreeVar var_110 = "": var_130 = "": var_150 = ""
+  loc_402D10: Branch loc_402D3C
+  loc_402D13: LitVar_Missing var_170
+  loc_402D16: LitVar_Missing var_150
+  loc_402D19: LitVar_Missing var_130
+  loc_402D1C: LitI4 0
+  loc_402D21: LitVarStr var_100, "Incearca mai tare"
+  loc_402D26: FStVarCopyObj var_110
+  loc_402D29: FLdRfVar var_110
+  loc_402D2C: ImpAdCallFPR4 MsgBox(, , , , )
+  loc_402D31: FFreeVar var_110 = "": var_130 = "": var_150 = ""
+  loc_402D3C: ExitProcHresult
+```
+
+```cs
+  loc_402CDC: ILdRf var_B8
+  loc_402CDF: ILdRf var_88
+  loc_402CE2: EqStr
+```
+var_88 will be the license code input, which will be compere with var_B8 = correct license code
+
+```cs
+var_8C = "LCRO"
+var90 = reverse("CSCE") = "ECSC"
+var92 = 8989
+var_AC it's a vector => 1918
+```
+
+This instructions add "-" in each part of license code
+```cs
+  loc_402C27: LitStr "-"
+  loc_402C2A: FStStrCopy var_B4
+  loc_402C2D: ILdRf var_8C
+  loc_402C30: ILdRf var_B4
+  loc_402C33: ConcatStr
+```
+
+=> License code = **LCRO-ECSC-8989-1918**
+
+And GG, we successful crack the program and found flag.